Thursday, November 10, 2016

Ethical Hacking students!  I have a contest for you with $50 prizes! 
PayPal for iOS now lets you send and request money through Siri
Publicly traded online payment company PayPal today is announcing that its app for devices running iOS 10 now lets users tell the built-in Siri virtual assistant to send or ask other people for money through PayPal.
“Simply say, ‘Hey Siri, send Bill $50 using PayPal.’  Voila!”  Meron Colbeci, senior director of core consumer products at PayPal, wrote in a blog post.


Still no indication of how this was done?
Anthony Spadafora reports:
Tesco Bank has released more details regarding the cyber attack that took control of its online accounts and led the bank to freeze all of its users' online transactions.
Over the weekend the bank was hit by an attack that it initially thought affected 20,000 customers.  However, Tesco Bank has now revealed that only 9,000 accounts were compromised by the security breach.  Though the amount of customers affected is lower than first reported, some of those whose accounts were accessed during the attack lost as much as £2,000.
On Tuesday, Tesco Bank announced that it had refunded £2.5 million to all of those affected by the breach and guaranteed that no personal data was obtained during the attack.
Read more on ITProPortal.

(Related) The bank itself says…
What you need to know
Should I change all of my online banking and personal details that you hold?
Tesco Bank has not been subject to a security compromise and it is not necessary for customers to change their login or password details.  To stay safe online we do recommend that customers regularly change their passwords.

(Related)  The BBC speculates…
Tesco Bank attack: What do we know?
   Tesco did not use the "H" word in its statement and in interviews its chief executive and other people speaking on behalf of the company have been careful in their choice of language.
It has said that the attack was "sophisticated" and that an initial investigation had revealed exactly what had happened.
So far, it has not shared that information but Tesco's actions in the wake of the weekend's events do help to narrow down the possibilities.
By letting customers withdraw cash from ATMs, use cards in shops and pay bills, it suggests that whatever went wrong does not involve the core computer systems underpinning Tesco bank.  These systems used to be run by RBS but since 2008 Tesco has operated independently.
Security expert James Maude, from software company Avecto, said Tesco's decision to suspend online transactions combined with the information that so many people were hit at once clearly suggests problems with its website.
All too often, he said, maintenance or website updates can introduce errors and bugs that were not present before.  Cyber-thieves are constantly scanning valuable websites to spot changes and will swoop if one emerges.
It might also be the case that a third party connected to Tesco had a security issue and attackers got in via that route, which has happened in some of the biggest attacks in recent memory.


A heads-up for about a third of my students.
KKTV reports:
More than 2,100 Colorado veterans may have had their personal information compromised, the VA Eastern Colorado Health Care System (ECHCS) said Wednesday.
At risk are the veterans’ names, the last four digits of their Social Security number and their diagnoses.  According to the ECHCS, the information may have been compromised when a VA employee emailed unencrypted documents to their personal email account.
Read more on KKTV.


An update.  Was anyone at Yahoo managing? 
Yahoo Looking to Determine If Hacker Has Access to User Accounts
Yahoo Inc. is evaluating whether an unidentified hacker has access to its user account data, following a 2014 hack that resulted in the theft of more than 500 million user account records.
In a regulatory filing Wednesday, Yahoo said law-enforcement authorities on Monday “began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data.”  Yahoo said it would “analyze and investigate the hacker’s claim.”
   The data could shed some light on what may be the largest theft of consumer data ever.  Yahoo has said previously that it believes its networks were compromised in late 2014 by “state-sponsored” hackers who stole names, email addresses, telephone numbers and dates of birth of more than 500 million users.  But information-security firm InfoArmor Inc. later said the data had been stolen by criminals, rather than a state-sponsored group.
   The company is facing 23 class-action lawsuits following the hack, the filing said.


Next week I lecture on outsourcing to my IT Governance class, but I may post this for my Software Architecture students as well.
Offshoring roulette: lessons from outsourcing to India, China and the Philippines

(Related)
Machine intelligence makes human morals more important
Machine intelligence is here, and we're already using it to make subjective decisions.  But the complex way AI grows and improves makes it hard to understand and even harder to control.  In this cautionary talk, techno-sociologist Zeynep Tufekci explains how intelligent machines can fail in ways that don't fit human error patterns — and in ways we won't expect or be prepared for.


Try.  Long before age 13, some kids will be able to bypass any restrictions – and I think that’s fine!
Irish Legal News reports:
The Department of Justice has launched a consultation on the statutory “age of digital consent” to be applied in Ireland as part of the EU General Data Protection Regulation (GDPR).
Article 8 of the GDPR provides that, in the case of information society services offered directly to a child, parental consent is required where personal information of a child under 16 is collected and shared with other service providers.  Service providers are required to make reasonable efforts to verify that parental consent is given in each case.
However, member states are allowed to adopt a lower age threshold, which cannot be lower than 13.
Read more on Irish Legal News.


Designer pop stars?  Would they recognize another Mozart if they saw one? 
K-Pop’s Global Success Didn’t Happen by Accident
In July 2016, the mega-hit “Gangnam Style” by South Korean singer PSY surpassed 2.6 billion views on YouTube.  Big Bang, a Korean pop (K-Pop) boy band, earned $44 million in 2015, making it among the highest paid in the industry.  Is K-Pop just a passing fad — a matter of a few songs going viral?  The answer is no.  The global success of K-Pop did not happen by accident, nor is it simply an interesting cultural phenomenon.


A statistical analysis.
What A Difference 2 Percentage Points Makes
